Modifying Group Membership in an LDAP Directory
Modifying Group Membership in an LDAP Directory
In order to optimize performance and minimize traffic between AM and an LDAP directory, AM caches information about user group memberships. When a user’s group membership is changed in an LDAP directory, AM cannot acknowledge the change until the cache is refreshed. As a result, these changes take effect after the cache refresh interval has elapsed. In the time between the change and the refresh, you may see the following behaviors:
- A user added to a group that has access to a restricted agent cannot authenticate to the restricted agent.
- A user who has been removed from a group that has access to a restricted agent can still authenticate to the agent.
You can flush the cache immediately using the Operations Console. For more information, see Flush the Cache.
For more information on configuring the cache, see Configure the Cache.
Related Articles
Modifying a User in an LDAP Directory Number of Views When Active Directory is integrated using Winbind, group membership for Active Directory users fails with the RSA Authenti… Number of Views Moving Users in an LDAP Directory Number of Views How to Include or Exclude an Active Directory OU from the Microsoft LDAP directory on RSA Authentication Manager 8.x Number of Views Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
